Category Archives: IdentityModel

Tracing in Thinktecture.IdentityModel

Posted on July 4, 2013 by Dominick Baier

A very common question is: “my Web API returns a 401. Why?” The easiest way to find out, is to enable tracing in IdentityModel. Add the following code snippet to your web.config: <system.diagnostics> <trace autoflush=“true“ /> <sources> … Continue reading →

Posted in IdentityModel, WebAPI | Leave a comment

NDC Oslo 2013 Slides and Videos

Posted on June 27, 2013 by Dominick Baier

The NDC videos are online now! Web API Security (includes first public demo ever of AuthorizationServer)Video: https://vimeo.com/68327244Slides: https://speakerdeck.com/leastprivilege/securing-asp-dot-net-web-api-ndc-oslo-2013 OAuth2 – The good, the bad and the uglyVideo: https://vimeo.com/68331687Slides: https://speakerdeck.com/leastprivilege/oauth2-the-good-the-bad-and-the-ugly-ndc-oslo-2013 Enjoy!

Posted in .NET Security, AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

30K Downloads of Thinktecture IdentityModel

Posted on June 23, 2013 by Dominick Baier

Thanks for all your feedback and support!

Posted in IdentityModel, WebAPI | 2 Comments

Thinktecture IdentityServer v2.2

Posted on June 20, 2013 by Dominick Baier

Every now and then I take a snapshot of the current main branch and package it into a published build. It’s that time again. Have a look here for v2.2: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/downloads/ The big thing for this release is certainly the … Continue reading →

Posted in IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Authentication in AuthorizationServer

Posted on June 18, 2013 by Dominick Baier

AS does not do its own authentication – that’s by design. When you download from the repo, AS is set up to be a WS-Federation relying party. In the configuration folder of the WebHost project you’ll find two config files: … Continue reading →

Posted in AuthorizationServer, IdentityModel, IdentityServer, OAuth, WebAPI | 3 Comments

What’s in an AuthorizationServer Access Token?

Posted on June 17, 2013 by Dominick Baier

The main job of AS is to produce access tokens in the JWT format. The client and the user provide the following input information for that process: Clientapplication (via the endpoint URL), client identifier, scopes Useridentity, consent to the requested … Continue reading →

Posted in AuthorizationServer, IdentityModel, OAuth, WebAPI | 4 Comments

Relationship between IdentityServer and AuthorizationServer

Posted on June 16, 2013 by Dominick Baier

We released a preview version of AuthorizationServer this week. AuthorizationServer is an implementation of the OAuth2 design pattern and helps making API authorization easier. IdentityServer also has OAuth2 endpoints – so you might ask yourself why we started from scratch … Continue reading →

Posted in IdentityModel, IdentityServer, OAuth, WebAPI | 7 Comments

IdentityModel v3 changes

Posted on June 15, 2013 by Dominick Baier

I have updated all the projects (IdentityModel, IdentityServer and AuthorizationServer) and the corresponding samples to the GA version of the Microsoft JWT handler. While doing that, I took the opportunity to clean up IdentityModel quite a bit. This resulted in … Continue reading →

Posted in IdentityModel, WebAPI | 1 Comment

NDC Oslo 2013 Slides

Posted on June 14, 2013 by Dominick Baier

As usual this was my favourite conference of the year! I already uploaded the slides – I will keep you posted once the videos are online as well. Securing ASP.NET Web API OAuth2 – The good, the bad & the … Continue reading →

Posted in IdentityModel, IdentityServer, OAuth, WebAPI | Leave a comment

Announcing Thinktecture AuthorizationServer

Posted on June 13, 2013 by Dominick Baier

Today at NDC I announced Brock’s and my new open source project – Thinktecture.AuthorizationServer. AuthorizationServer (AS from now on) is an implementation of the OAuth2 patterns I described here.It has an implementation of the four OAuth2 flows and a nice … Continue reading →

Posted in Conferences & Training, IdentityModel, IdentityServer, OAuth, WebAPI | 5 Comments